KPN mandatory SMS authentication: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SloppyAI}} | |||
{{IncidentCargo | {{IncidentCargo | ||
|Company=KPN | |Company=KPN | ||
Latest revision as of 16:19, 6 March 2026
🔧 Article status notice: This article may rely heavily on AI/LLMs
This article has been marked because it may have heavy use of LLM generated text that affects its perceived or actual reliability and credibility.
To contact a moderator for removal of this notice once the article's issues have been resolved, or if this was a mistake, please use either the Moderator's noticeboard, or the #appeals channel on our Discord server (Join using this link]).
Learn more ▼
Background
[edit | edit source]KPN’s MijnKPN service provides customer access to billing, subscription management, and account settings for broadband, television, and mobile services. In 2024, KPN introduced **mandatory two-step verification (2FA)** to improve account security. While 2FA is a common security measure, KPN’s implementation relies exclusively on SMS messages to mobile phones, with **no officially supported landline, email, or hardware token alternatives**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))
Incident
[edit | edit source]In early 2024, KPN began enforcing **mandatory SMS-based 2FA for all customers**. Users must enter a one-time code sent to their registered mobile number to access their accounts. Customers without mobile phones, non-Dutch mobile numbers, or with device issues cannot complete the authentication process, effectively restricting access.
Community reports confirm that KPN support advises users in such cases to **obtain a local mobile device** or contact support to regain access. The policy has been systemically applied across the customer base, demonstrating it is a **corporate-wide requirement** rather than isolated incidents. ([KPN Community](https://community.kpn.com/kpn-id-en-mijnkpn-29/hoe-gebruik-ik-tweestapsverificatie-zonder-nederlands-telefoonnummer-639075))
Company's response
[edit | edit source]KPN has stated that SMS is the **most widely accessible method** for two-step verification and that **other authentication channels are being evaluated**. No public timeline has been provided for the rollout of alternatives such as **landline OTP, app-based authenticators, or hardware tokens**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))
Consumer response
[edit | edit source]Community discussions and public forums indicate frustration among users who cannot use SMS, citing **restricted access, lack of alternatives, and reduced consumer autonomy**. Verified responses from KPN moderators confirm the requirement and advise users to acquire a mobile device to comply. The systemic nature of this policy has prompted consumer advocates to call for **multiple authentication channels** to enhance accessibility and security. ([KPN Community](https://community.kpn.com/online-veiligheid-25/mijnkpn-tweestapsverificatie-mfa-wordt-verplicht-wat-betekent-dit-voor-jou-637989))
Lawsuit
[edit | edit source]No publicly documented litigation regarding this policy has been reported as of 2026.